80738163270632 is the blog of Hernán Morales Durand


Monday, September 5, 2016

Territorial is a Smalltalk library for Geographical Information Retrieval (GIR) in geopolitical objects. It was originally designed for a Phylogeographic Information Retrieval system based on BioSmalltalk.

There will be no scripts in this post; everything is explained in the Territorial User Manual (PDF). The Territorial library has two locations: SmalltalkHub, where I will commit the latest changes, and the GitHub repository, used for bug reporting and maintaining documentation until I am comfortable using GitHub from Pharo on Windows.

Territorial is also a never-ending task; a library like this could never be finished. But now it is public under the MIT license, ready to get your ideas, issues and patches. If you want to discuss features, ports to other platforms or other collaboration opportunities, please do not hesitate to contact me.

Pharo

VisualWorks >= 7

ExternalInterface currentPlatform.

Dolphin 7

OSVERSIONINFO current osName.
OSVERSIONINFO current isWinV5OrLater
OSVERSIONINFO current isWinV6OrLater
OSVERSIONINFO current isWinVista
OSVERSIONINFO current isWinXP
OSVERSIONINFO current isWinXPOrLater
OSVERSIONINFO current isNT

Wednesday, May 25, 2016

Overview

This is another GraphViz post for Pharo Smalltalk. A few days ago I committed a working version of GraphBuilder. It was mostly coded by Lukas Renggli and I updated the package to work with the current Pharo images and added minor features (like displaying commit date in the nodes).

Installation and Usage

To install the package, open the Catalog Browser, select and install GraphViz, or evaluate the following expression:

Sunday, August 9, 2015

Introduction

If your application lists any of Yugoslavia, Czechoslovakia, South Yemen, USSR, or Serbia and Montenegro as countries, then you have an obsolescence problem. The same applies if it doesn't know about South Sudan, Jersey or East Timor.

The geopolitical map has changed: countries around the world have dissolved or merged, and new ones have been created. As of August 2015, the ISO web site lists 249 official countries. Unfortunately their list is not made available free of charge, but there are a few reliable places where the list is available (e.g. Wikipedia).

To keep up to date with the world political situation and to provide more features, I developed an ISO 3166-1 wrapper to access objects in an ISO3166 model. That is, it includes only information contained in the ISO standard, not calling codes, language tags or other data located in external standards. Installation instructions, usage and reference links are provided in this document. Code is in the SmalltalkHub repository. The Metacello Configuration is accessible from the Pharo Configuration Browser in Pharo 4 (released in 2015), or from the Pharo catalog in Pharo 5 (to be released in 2016).

Documentation is available in PDF format. Suggestions, fixes and improvements are very welcome. Don’t hesitate to contribute if you want to add new features.

Examples

To get a sorted Collection with all ISO-3166 codes:

ISO3166P1 sortedIso3166Codes.

To obtain a Collection of all the countries with all ISO-3166 country names:

Wednesday, April 15, 2015

Installation

I have updated the Iliad Web Application Server to load properly in Pharo 4 (good tutorials here and here). All tests pass. As usual you can load it from the Configuration Browser or by evaluating the expression:

Friday, February 27, 2015

Introduction

Language Detection API is a service to query the language of a given input text. You will need to register an API key at the web site http://detectlanguage.com to use the service. This client lets you use the service from Pharo Smalltalk. The output is an object containing the language code, a confidence score and an 'is reliable' boolean value.

Installation

Inside Pharo, open the Configuration Browser and select LanguageDetection, then Install. Or evaluate the following expression:

Wednesday, February 25, 2015

Introduction

StNER provides a Pharo Smalltalk interface to the Stanford Named Entity Recognizer (NER). The Stanford NER recognizer is an implementation of a Named Entity Recognizer, used for tagging raw text, which is a central task in Information Retrieval and Natural Language Processing. The input is a sequence of words in a text, and the NER classifier, using already trained data, tries to recognize typically three types of "Named Entities" (NEs): NAME, LOCATION and ORGANIZATION (more classes exist). The output is the tagged text in some common format for tagging tokens. This recognizer works better on input more similar to the already trained labeled data sets (muc6, muc7, conll2003); however, there are reports of using it with tweets, and you can retrain it to recognize entities for your particular needs.

To recognize text in other languages, for example, Chinese, German, or Spanish, a different classifier (in this context a .tgz file) can be used (see NLP Stanford Demo).

Client Usage

StSocketNERClient new
tagText: 'University of California is located in California, United States'

and the output will be:

'University of California
is located in California,
United States' "

Another example including PERSON tagging:

StSocketNERClient new
tagText: 'Argentina President Kirchner has been asked to testify in court on the death of Alberto Nisman the crusading prosecutor who had accused her of conspiring to cover up involvement of Iran'

which results in:

'Argentina President Kirchner has been asked to testify in court on the death of Alberto Nisman the crusading prosecutor who had accused her of conspiring to cover up involvement of Iran'

Parse text to in-line XML

StSocketNERClient new
parseText: 'University of California is located in California, United States'

Tuesday, February 24, 2015

Introduction

GADM is a high-resolution spatial database of the location of the world's administrative areas for use in GIS and similar software. GADM is freely available for academic and other non-commercial use. The data contained in GADM was collected from spatial databases provided by NGO, National Governments, and/or maps and list of names available on the Internet (e.g. from Wikipedia).

Administrative areas include: countries, provinces, counties, departments, etc. up to five sublevels, which cover most boundaries in the world. For each level it provides some attributes, foremost being the name and in some cases variant names. GADM can also be used to extract polygon shapes for visualization, for example to build choropleth maps for regions.
The GADM package includes the raw data in CSV format, which I parsed to build a browseable GADM world tree, allowing off-line access to the GADM database in a hierarchical fashion with objects, without need to perform on-line queries for basic requests. A hierarchical tree can be used to build a toponym browser for example.

Installation

From within Pharo 3, or Pharo 4 you can use the Configuration Browser, or evaluate the following expression:

Saturday, February 7, 2015

The post you are reading is about password enforcement rules in the Application Security package, released as Open Source in March 2014 for the Pharo Smalltalk community. Rules which you can set up are:

Increase the password length, which increases the search space of possible combinations.

Increase the size of the character set, to increase the number of password combinations.

The default character set in the Application Security package includes uppercase and lowercase letters, numbers and a set of non-letters. This forms a 95-character set as recommended by the FIPS, and if passwords are between 5 and 8 characters, a brute-force attack would have to guess between 7.7 billion and 6.6 quadrillion combinations. It is possible to change the password creation rules by creating checkpointed validation settings:

Recent password research claims that using passphrases increases the number of combinations a brute-force attack must try, but passphrases also carry more chance of typographical mistakes, so it is good practice to increase the number of allowed failed attempts. This can be done in Application Security by evaluating:

" Set the maximum count of allowed fails per user during a period of time "
" Default is 40 "
settings maxUserFailCount: 5.
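The keyspace figures and the per-user failure limit described above, worked through as an added Python example; it is not code from the Application Security package. The 600-second window, the 7776-word passphrase list and the names `keyspace`, `entropy_bits` and `FailWindow` are assumptions made for illustration.

```python
import math
from collections import defaultdict, deque

def keyspace(charset_size, min_len, max_len=None):
    """Count candidate passwords with lengths in [min_len, max_len]."""
    max_len = min_len if max_len is None else max_len
    return sum(charset_size ** n for n in range(min_len, max_len + 1))

def entropy_bits(charset_size, length):
    """Bits of entropy of `length` symbols chosen uniformly at random."""
    return length * math.log2(charset_size)

class FailWindow:
    """Per-user count of failed logins inside a sliding time window."""

    def __init__(self, max_fails, window_seconds):
        self.max_fails = max_fails
        self.window = window_seconds
        self._fails = defaultdict(deque)   # user -> timestamps of failures

    def _recent(self, user, now):
        # Drop failures that have aged out of the window.
        q = self._fails[user]
        while q and now - q[0] >= self.window:
            q.popleft()
        return q

    def record_failure(self, user, now):
        self._recent(user, now).append(now)

    def record_success(self, user):
        # A successful login clears the user's failure history.
        self._fails.pop(user, None)

    def is_locked(self, user, now):
        return len(self._recent(user, now)) >= self.max_fails

def demo():
    # The page's figures: 95 symbols, lengths 5 and 8.
    low, high = keyspace(95, 5), keyspace(95, 8)
    # Constructed comparison: 5 words drawn from a 7776-word list (assumed).
    phrase = keyspace(7776, 5)
    # Limit of 5 as in the page's snippet; the 600 s window is assumed.
    limiter = FailWindow(max_fails=5, window_seconds=600)
    for t in range(5):                     # five typos within five seconds
        limiter.record_failure("alice", t)
    locked_now = limiter.is_locked("alice", 5)
    locked_later = limiter.is_locked("alice", 600)  # oldest failure aged out
    return low, high, phrase, locked_now, locked_later

if __name__ == "__main__":
    print(demo())
```
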

Thursday, January 15, 2015

I have collected some information on the accepted Google Summer of Code for Smalltalk projects over the last years. Please let me know if you want to improve it.

Wednesday, November 19, 2014

Introduction

The content of this post is a survey report of a Smalltalk questionnaire. The purpose of this report is to determine the opinion of developers about Smalltalk related topics. A limit of 10 questions was imposed on the survey because of the SurveyMonkey Free Account limitations.

The survey was anonymous and contained partially structured questions with open-ended questions where participants could add thoughts or missing options. The survey was conducted from 11/10/2014 to 30/10/2014. Only during the first week of the survey were non-Smalltalk forums privileged. The information below summarizes the statistics:

Survey Statistics


Question 1 highlights

Smalltalk was not listed as an option in the valid responses.

This question was mostly directed to non-smalltalkers.

Question 2 highlights

Goal of the question was to determine a general attitude towards the technology.

There is a good reception of Smalltalk, although respondents were scarce (22).

This question was mostly directed to non-smalltalkers.

Question 3 highlights

The idea was the same as Question 2, but focused towards a professional level of choice.

This question was directed to both smalltalkers and non-smalltalkers.

Question 4 highlights

The question tried to determine the Smalltalk platforms most used.

This question was mainly directed to smalltalkers.

Unsurprisingly, Pharo, VisualAge and VisualWorks seem to be the most deployable environments.

More recent or commercial projects like S8, Smalltalk MT or LSW are almost unknown.

The respondents also noted Amber as occasionally used or as having been used to prototype/deploy a product.

Question 5 highlights

This question is similar to Question 4, but focused on the current use.

Products like VisualSmalltalk and Smalltalk/X, both considered (technically) excellent Smalltalk flavors, remain almost unused.

Question 6 highlights

This question addressed four technology aspects: Usability, Speed, Community Health and Overall.

There is notable dissatisfaction at the Community level for most Smalltalk communities.

The old fallacy of Smalltalk being slow seems to be almost refuted by a general satisfaction in execution speed.

Maybe unexpectedly, the usability award was for VisualSmalltalk.

Question 7 highlights

All respondents answered this question.

Besides the expected noise towards libraries for common application scenarios, there is a considerable interest in Data Science (Visualization, Mining, etc).

Monday, October 27, 2014

Introduction : GraphViz in Pharo

GraphViz is a popular free graph visualization library currently used in many applications. In GraphViz you describe a graph in text format and the software draws a pretty picture of the graph.

A GraphViz package for Smalltalk was originally available in Squeak, but it was outdated in the current Pharo releases (3.0). The package facilitates the creation of graph descriptions in the DOT language of the Graphviz graphing tool. You write the graph using the beautiful Smalltalk syntax, and the GraphViz class generates the output in all available formats (dot,svg,png,jpg,gd,etc).

Now I have uploaded a new Metacello Configuration for GraphViz in Pharo 3.0, available in the Configuration Browser. To use it, GraphViz should be installed and present in the PATH environment variable. More useful information can be found in the original repository (Connectors compatibility is still missing until we get a Connectors version which loads in Pharo 3 or 4).
The Configuration loads both stable versions of CommandShell and XML-Parser packages.

A Smalltalk Family Tree

I have collected the Smalltalk implementations I know and grouped them in a graph by what could be considered their "family". Some of them are not supported anymore, others are difficult to find or get executed again. Exotic or very old Smalltalks like Bricktalk, DuoTalk, Marvin, etc. were not included because there are too few references on the web. Now by looking at it in perspective, one could understand why Smalltalk is considered the most evolved and state-of-the-art programming environment. Here is the resulting graph :

Monday, October 20, 2014

Introduction

So I did a short on-line Smalltalk survey to find out where the technology is today, and what could be expected in the future, by asking people about their experiences and expectations with Smalltalk. Any programmer could participate and answer. The survey was designed for a broad developer audience.
Why is it important that you take this survey? Because you could help a small(talk) community to uncover answers, to gather feedback and meaningful opinions, and to evolve by telling what you need most. The survey is open until 31/10/2014 at 3:15 a.m.

The survey is not biased towards any particular Smalltalk flavor (I am not affiliated with any particular Smalltalk provider). The following Smalltalk platforms have been included (any other not listed flavor can be added):

Methodology

I have collected a list of well-known forums containing "General Computer Programming" sub-forums, as most forums do not contain a Smalltalk sub-forum. I have rejected all programming sub-forums specific to a particular language, for example: JavaForum, PHPDevForum, "General C++ Forum", etc. Because:

Posts with surveys related to other programming language are not commonly accepted

They are marked as off-topic or closed.

It could be seen as promotion which is not the intent of this survey.

Results

The survey is still running! You can come back after 31/10/2014 and check responses.

Monday, October 13, 2014

Introduction

As commented in my previous post, CheckPoint is a security pattern to avoid unauthorized access to a system.

The nice idea of the design pattern is to delegate complex validation behavior into specific classes which can manage events, response actions and statistics, completely transparent to your application. CheckPoints could be used to bypass validations for specific cases too. For example if you are debugging or testing your application, you don't want to be constantly bothered by timeouts and logins, you don't want to bias security statistics, and certainly you don't want to debug into someone's new bug merged in your repository, in the middle of your workflow.

The following sections describe how to use core classes for a typical application scenario.

Basic workflow

Let's assume an application is globally represented by a Singleton class, and it has different states. A state could be "in deployment mode" or "in testing mode". Each of these "modes" contains behaviors, implemented in specific CheckPoint subclasses. This simply means you can use a Global Application class to answer a default CheckPoint class for your needs.

An example: our Singleton manages the application's state, and so it could be asked which CheckPoint should be assigned to each user, for the specific scenario the user is in. That is, CheckPoint instances are associated with user sessions. Initially all newly created users will have an "invalid" or "unregistered" state. When the user begins the registration process, the session is given a CheckPoint instance to behave accordingly.

From here two different security scenarios are possible, depending on the registration state. Each scenario is represented by a CheckPoint subclass:

ASRegisterCheckPoint: Should be assigned while the (candidate) user is not confirmed as a user. Maintains a registration object (ASUserRegistration), responsible for holding a unique link identifier, the registration time, and the corresponding candidate instance (ASCandidateUser). To optimize resources, a candidate user manages expiration (#hasExpiredRegistration), which is why it is important to keep a #registrationDate.

ASDeployCheckPoint: This is a "common" CheckPoint which should be used for production systems, and when a registered user signs in to a system. It checks against typical login conditions, which we will see below in the Using the CheckPoint section.

Trying to add another candidate with the same username will raise an ASUserExists exception. Ideally you should catch and handle it appropriately in the context of your application. You can now query if you can register this candidate:

cp isValidPendingRegistrationId: newRegId.

and register as valid user in your system:

cp registerCandidateAsUser: newRegId.
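The registration flow described above (candidate, unique link identifier, expiry, duplicate-username error, confirmation), modelled as an added Python example; it is not the package's Smalltalk code. The class and method names only mirror the selectors on the page, and the one-hour validity period and injected clock are assumptions.

```python
import secrets
import time

class UserExists(Exception):
    """Raised when a candidate reuses a known username."""

class RegisterCheckPoint:
    """Hypothetical stand-in for the register checkpoint described above."""

    def __init__(self, ttl_seconds=24 * 3600, clock=time.time):
        self.ttl = ttl_seconds     # assumed validity period of a link
        self.clock = clock         # injectable so expiry can be tested
        self.pending = {}          # reg_id -> (username, registration_date)
        self.users = set()         # confirmed usernames

    def _drop_expired(self):
        # Expired candidates are discarded so they stop holding resources.
        now = self.clock()
        expired = [r for r, (_, date) in self.pending.items()
                   if now - date > self.ttl]
        for reg_id in expired:
            del self.pending[reg_id]

    def add_candidate(self, username):
        self._drop_expired()
        pending_names = {name for name, _ in self.pending.values()}
        if username in self.users or username in pending_names:
            raise UserExists(username)
        reg_id = secrets.token_urlsafe(32)   # unguessable link identifier
        self.pending[reg_id] = (username, self.clock())
        return reg_id

    def is_valid_pending_registration_id(self, reg_id):
        self._drop_expired()
        return reg_id in self.pending

    def register_candidate_as_user(self, reg_id):
        if not self.is_valid_pending_registration_id(reg_id):
            raise KeyError("unknown or expired registration id")
        username, _ = self.pending.pop(reg_id)   # identifier is single use
        self.users.add(username)
        return username

def demo():
    now = [0]                                    # constructed test clock
    cp = RegisterCheckPoint(ttl_seconds=3600, clock=lambda: now[0])
    alice_id = cp.add_candidate("alice")
    try:
        cp.add_candidate("alice")
        duplicate_rejected = False
    except UserExists:
        duplicate_rejected = True
    registered = cp.register_candidate_as_user(alice_id)
    reused = cp.is_valid_pending_registration_id(alice_id)
    bob_id = cp.add_candidate("bob")
    now[0] = 3601                                # one second past the period
    bob_valid = cp.is_valid_pending_registration_id(bob_id)
    return duplicate_rejected, registered, reused, bob_valid

if __name__ == "__main__":
    print(demo())
```
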

Using the CheckPoint

Continuing with the Session-based example, login code which uses the CheckPoint could ask for the current user CheckPoint, and perform a global validate and retrieve:

CheckPoint verifications

Logging in a user should perform a number of checks which, many times, are application security specific. The default implementation is naive, but useful for many cases. For specific security requirements, validation settings are customizable by subclassing ASDeployCheckPoint and specializing the method #validateAuthSettingsLogin:password:machine:. This is how it looks in the current release:

(Remember, this is not checking code on the User-Agent side; this is Application Security, so your application's security can be guaranteed independently of UI code.)

A first look at Validation Settings

If you have ever worked with an Expert System, you already know what a Rule-Base is, and probably have figured out that all verifications could be easily written using rules. Although currently Application Security does not use rules, it seems a good point to note the direction where our model should be going to (if you want to read a really cool chapter about Rules-Based Expert Systems, try the one from Robbie T. Nakatsu in Diagrammatic Reasoning in AI)

As they are CheckPoint specific, they could be changed at run-time for a user or a group of users, which is very handy for debugging purposes. And that's all for today; in the following post I will show how to set up password rules to customize validation settings. See you soon.

Thursday, March 27, 2014

Introduction

I have implemented a package called "Application Security" to provide a domain-independent security model which you can easily instantiate in your applications. It is based on patterns from the Application Security Pattern System introduced by J. Yoder and J. Barcalow in a PLoP (Pattern Language of Programs - a workshop for pattern researchers) paper in 1997, which has about 290 citations as of today.

Disclaimer

Although acceptable for my security requirements, the software security world is a neverending story. To recognize the whole dimension of this territory, I have collected a short summary of the most cited security pattern literature:

J. Yoder and J. Barcalow: One of the first security pattern languages, 7 patterns.

The Configuration automatically loads the stable versions for FFI and Nacl.

Passwords

The Application Security package contains two hasher adapters. One is the hashing provided by Grease (a package for cross-smalltalk compatibility including convenience methods), which is SHA-1 (160-bit, 20-byte hash value). The other, which is enabled by default, uses the Nacl cryptographic library, which provides SHA-512 through the libsodium binding for Pharo. And of course, to prevent rainbow table attacks in case of a breach, all passwords are salted.
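Why the per-password salt matters, as an added Python example using the standard library rather than the package's Nacl adapter: a precomputed digest table resolves an unsalted SHA-512 record but not a salted one. The 16-byte salt length, the salt-then-password concatenation and the sample passwords are assumptions; the page does not state how the package combines them.

```python
import hashlib
import hmac
import secrets

SALT_BYTES = 16  # assumed salt length; the page does not state one

def unsalted_sha512(password):
    """Digest with no salt: identical passwords give identical records."""
    return hashlib.sha512(password.encode("utf-8")).digest()

def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random salt is drawn per password."""
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.sha512(salt + password.encode("utf-8")).digest()
    return salt, digest

def verify_password(password, salt, stored_digest):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, stored_digest)

def precomputed_table(candidates):
    """Digest -> password map, built once and reusable on any unsalted store."""
    return {unsalted_sha512(p): p for p in candidates}

def demo():
    # Constructed candidate list standing in for a precomputed table.
    table = precomputed_table(["123456", "letmein", "correct horse"])
    leaked_unsalted = unsalted_sha512("letmein")
    # Two users who picked the same password get unrelated records.
    salt_a, digest_a = hash_password("letmein")
    salt_b, digest_b = hash_password("letmein")
    return {
        "unsalted_recovered": table.get(leaked_unsalted),
        "salted_recovered": table.get(digest_a),
        "same_password_same_digest": digest_a == digest_b,
        "verifies": verify_password("letmein", salt_a, digest_a),
        "wrong_password_verifies": verify_password("letmeim", salt_a, digest_a),
        "other_salt_verifies": verify_password("letmein", salt_b, digest_a),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The salt only removes the benefit of precomputation: each guess against a leaked record still costs a single SHA-512 call, which is why deliberately slow password hashes are generally preferred in new designs.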

User model

Contains following main classes:

Registered user: A valid and registered user in the system.

Candidate user: Users currently not validated or confirmed, for example a user who is registering. It handles the registration identifier and expired registrations.

User group: To group users sharing a common property.

User registration: Maintains candidate registration information such as URL link's unique identifier for verification (during a period of time) and the candidate object.

Network

Application Security also contains Network security utilities to do access control based on IP addresses:

ASIPAddress : Represents an IP address.

ASIPAddressClass : For representing IPv4 address classes. This class is not intended to be used for doing subnetting (scaling, allocation, etc.).

ASIPAddressList : Access control list used for representing classful network architecture for IPv4 addresses. This class is not intended to be used for doing subnetting (scaling, allocation, etc.)

An IPAddress is a helper class to support querying IP address ranges (ASIPAddress). Some examples follow of setting up useful lists for filtering machines based on their IP addresses:
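Classful IPv4 classification and a range-based access list of the kind described above, as an added Python example built on the standard `ipaddress` module; it is not the package's ASIPAddress API. The `AddressList` class, its first-match/default-deny semantics and the documentation-range sample addresses are assumptions.

```python
import ipaddress

# Classful IPv4 ranges, keyed by the first octet of the address.
CLASS_BOUNDS = (("A", 0, 127), ("B", 128, 191), ("C", 192, 223),
                ("D", 224, 239), ("E", 240, 255))

def address_class(addr):
    """Return the classful network class (A-E) of a dotted-quad address."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    for name, low, high in CLASS_BOUNDS:
        if low <= first_octet <= high:
            return name

class AddressList:
    """Ordered allow/deny rules over inclusive IPv4 ranges.

    The first matching rule decides; an address matching no rule is denied.
    """

    def __init__(self):
        self._rules = []

    def add(self, action, first, last=None):
        if action not in ("allow", "deny"):
            raise ValueError("action must be 'allow' or 'deny'")
        low = ipaddress.IPv4Address(first)
        high = ipaddress.IPv4Address(first if last is None else last)
        if low > high:
            raise ValueError("range start is above range end")
        self._rules.append((action, low, high))
        return self                      # allow chained rule definitions

    def permits(self, addr):
        try:
            ip = ipaddress.IPv4Address(addr)
        except ValueError:
            return False                 # malformed input is never admitted
        for action, low, high in self._rules:
            if low <= ip <= high:
                return action == "allow"
        return False                     # default deny

def sample_acl():
    # Constructed rules over the 192.0.2.0/24 documentation range:
    # one blocked host listed before the range that would admit it.
    return (AddressList()
            .add("deny", "192.0.2.66")
            .add("allow", "192.0.2.0", "192.0.2.255"))

if __name__ == "__main__":
    acl = sample_acl()
    for host in ("192.0.2.10", "192.0.2.66", "198.51.100.7", "not-an-ip"):
        print(host, acl.permits(host))
```
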

Repository

The repository is responsible for the persistency of secured objects. This covers queries as well as set modifications (insert/delete).
Currently it is based on the FUEL serialization package, but there is a plan to make it adaptable to other serializers.